As Microsoft’s marquis communication and collaboration tool, Teams is helping companies all over the world. It is worth spending some time understanding how to use Microsoft Teams effectively for information governance. The following tips will help push your organization in the right direction.
Microsoft Teams for Information Governance
Even before most of us were asked to work from home for what feels like an eternity now, Microsoft Teams was arguably the fastest growing business tool of the past few years. In a short period — Teams launched in 2017 — it collected a vast number of users, and at the time this article is written, it appears that more than 44 million people around the world use Microsoft Teams on a daily basis.
Yet, for all the (deserved) success it will gather, Microsoft Teams is a tool. Deploying it to a wide workforce, hoping that employees will figure it out by themselves is a mirage. People use Teams daily to chat, collaborate, create documents, share information and have a laugh with the perfect GIF at the perfect time, and organizations are now under intense scrutiny, by both the public and regulators, for all the information they create and manage.
Teams is great at fixing a short-term problem with communication and collaboration, but the way its deployment is managed can make the difference in the long-term. In this article we will review some of the things a company should consider when rolling out Microsoft Teams, so that clear guidance can be given to employees in order to effectively use Teams for information governance.
The balance between productivity and information governance is a real challenge. If employees are left using tools as they prefer, most likely a few legal and compliance problems will arise that can hurt the company and its reputation. On the other hand, the very moment information governance is enforced is when people start to figure out alternative ways to do their jobs — ways that often involve tools and systems that have not been vetted by IT and do not have the same level of attention to security that Microsoft Teams has.
Information governance can be described as the set of actions an organization takes to balance the risk that information presents with the value that information provides. In this sense, it is an effort that helps with compliance, operational transparency and legal discovery, by ensuring appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information.
If we apply these concepts to Microsoft Teams, there are three key areas where companies can take action to guide employees in a more effective use of Microsoft Teams.
The Creation of Information
Any team, channel, conversation, document, meeting note, recording is a piece of information that gets stored in some part of Office365 and might require special treatment in the way of information governance.
The way information is created also has a direct impact on access to that information at a later stage, and that’s why organizations that want to effectively use Microsoft Teams will be faced with three questions.
What do we Use Teams for?
First, it is important to understand how employees will be using Microsoft Teams. What are the key processes the organization plans to replace with Teams? What will it be its main function?
A shared understanding can make it easier for people to know what type of information they are expected to create (and find) in Teams.
If the main purpose is internal communication, then most of the information created will be conversations, chat logs, meeting recordings, perhaps meeting notes (all stored in different places). If, instead, Teams will also be used for project management and collaboration, then very likely also contracts, project plans, and customer information will be exchanged, adding a level of complexity to information governance — documents get stored either in SharePoint or OneDrive, more on this in a while.
Who can Create Information?
Because of the difficulties in balancing productivity and information governance we mentioned above, there is a widespread tendency to leave freedom to anyone in the organization to create information. Being able to set up a workspace without having to ask permission, for example, enables flexibility and jump starts the setup of projects, avoiding shadow IT and alternative ways to get things done.
Nonetheless, it is good practice to have clarity around items, including:
- When a team is needed (versus a channel, for example)
- Who should be invited to teams (only internal employees or also external contributors?)
- What type of content is permissible to have in Microsoft Teams and what should be stored elsewhere?
There is no unique and perfect solution to address these topics, each company will have to figure out on its own how to more effectively make decisions. In general, though, it is advised not to enforce guidelines from the top down. Different stakeholders will have to be involved, so that they can express end-users needs and challenges that will eventually be reflected in the Teams deployment plan.
The great advantage is that stakeholders can then act as champions for the new tool, advising colleagues on best practices and helping the company enforce information governance effectively in Microsoft Teams.
How do we Classify Information?
Naming things (teams, channels, documents, etc.) can be problematic when it is left to the chance or the creativity of the single employee. Imagine having a bunch of teams following the standard “project-number”, and another bunch of teams that instead go by “project-customer_name”. In such a scenario, how likely would it be to have two teams for the same project?
Renaming teams and channels can get messy. It is better to ensure a consistent naming standard. And in making this choice, it is important to consider the point above about why teams are created in the first place. If the company is using Teams mainly for internal communication, then it might be enough to set a guideline around having teams for each department; if instead collaboration is also important, and cross-departmental teams will have to be created, then again talking to stakeholders and looking at the way projects, for example, are named can inform how to name teams and channels.
Something also worth considering is the little icon that accompanies every team that gets created. Teams automatically sets a standard icon with the initials of the team’s name (e.g. “M-Files all Company” will be iconized as “MC”). Icons are a good way to immediately spot and recognize a team, and you might want to consider asking your creatives to come up with some sort of icon template that owners can use when creating a new team.
And of course, it is not only about teams and channels. Your company’s naming conventions in labeling documents, for example, should be transferred to document creation and storage in Microsoft Teams. If you are using sensitivity labels, make sure employees understand their importance and how to apply them to documents that are circulated in teams and channels. Third-party information management systems can also help tag documents with appropriate metadata, in order to facilitate archiving and retrieval at later stages.
Information through its Lifecycle
Once there is clarity around what Teams will be used for, who will oversee the creation of information and how such information will be named (and therefore classified), it is time to think about how information is managed.
What happens to information? Where is it stored?
How does it move from one state to the next in its lifecycle — for example, from approval to signature, from expiration to retention?
There are two main questions to ask when looking at information lifecycle management in Microsoft Teams.
How is Information Moved Around?
Documents and information, in general, rarely exist at a single point in time. They are malleable. More often, they are edited, changed, approved, archived and so on. After all, we are all familiar with documents labelled contract-final-truly-final-version-3.docx.
This is where things get tricky in Microsoft Teams, for a few reasons.
Teams is a great tool for communication and collaboration, yet it tends to silo information by saving a team’s document in the team’s SharePoint site — which is only accessible to the team’s members. To add another layer of complexity, documents shared in 1-1 or group chats are instead stored in OneDrive. Moreover, Teams flow of information is chat-like. Certain items can be pinned, and yet the impression is that information gets continuously swallowed as days go by. And finally, Teams lacks basic workflow capabilities. If I want to ask a colleague for input on a document, I must push the document to them manually — by tagging them in a conversation or a comment, for example. Then, I hope they will respond in due time.
That is why organizations deploying Teams should provide guidance on how information is moved around.
- Are there documents that different teams need access to over time — contracts that might be of interest both to a project team and to a legal team, for example?
- If so, what is the most effective way to guarantee visibility to employees that are in different teams?
- Is sharing a link to the document in a conversation enough?
- How can we ensure accountability for steps that are needed to move the project forward, like review, approval, signature?
The best way to go about addressing these types of questions is, once again, to involve stakeholders in understanding how users utilize Teams. After all, if documents are rarely used and video calls and chat are the main use cases, the company might probably be fine with the tools already provided by Microsoft. But if, on the other hand, collaboration is intensive and documents are heavily used, then it might be better to consider supporting Teams with a third-party information management system.
How do we Retain Information?
Partly a subset of the previous question, to use Microsoft Teams effectively for information governance, a company also needs to understand how information is identified, archived and retained (or disposed of), in line with best practices and regulations.
If you have addressed the questions so far, you should now have an idea of what type of content your company should expect to find in Teams, how it gets classified and how it is used in day-to-day operations.
Next, consider the following:
- How information gets tracked over time
- How to ensure it is not lost
- How to facilitate retrieval (discovery) when needed
- How the organization keeps track of document changes and versions
Some Office365 features can help with this, and those that use Microsoft Teams effectively make it so that the need for human input in these processes is reduced to a minimum. Third-party tools could help in this sense, making the process automated and audit-ready. For example, automation can help identify documents that contain personal identifiable information (PII), assigning it to the correct workflows to manage retention and disposition, and track the “who” and “when” of potential access and changes.
The final area where companies can take action to guide employees in a more effective way to use Microsoft Teams for information governance is security.
The very essence of Microsoft Teams is about communication and collaboration, and this implies that information should be free to flow, at least between people that have a need for it. The way this is done in practice, though, poses concrete risks to information security. By answering the following two questions, organizations can better prepare to avoid accidental leaks and data loss.
Who is the Information for?
By default, if you are part of a team (or channels inside a team), you have access to all the information that members of the team have access to. This means the entire conversation and all the documents saved in the team’s SharePoint site — which is to say, all the documents in the File tab on top of the workspace.
If that sounds scary, it’s probably because it is. Say that you have a team for a project, and also a channel for a specific piece of that project to which you want to invite an external contractor to keep them in the loop and contribute. This guest will have access to all information at team’s level, and that means potentially also documents featuring customer details or estimates you have initially received from other contractors.
Together with the question regarding who should be invited to a team (see above), asking who the information is for gives further clarity around what type of threats the company is exposed to. It is not advisable to cut guests from participating in Teams completely; their input might well be fundamental to the completion of the project. But further guidance about which documents to store in Teams (SharePoint) could help employees. Or even better, third-party information management solutions could be considered to ensure permissions are granted at document level rather than at team level.
Which Apps and Integrations are Allowed?
The last question to address in order to draft guidelines that enable employees to use Microsoft Teams effectively is about possible extensions to the tool.
Channels can be customized in different ways by adding both Microsoft’s apps and third-party’s apps, as well as connecting to external archives. (As of the publish date of this article, possible connections include Google Drive, Dropbox, Box, Egnyte and ShareFile).
The option to add apps and integrations to cloud storage services can be switched on or off by admins, and this is something that should be considered carefully. Once this is allowed, nothing prevents an employee to connect a channel to their own personal Dropbox account and move documents around — or to install an app that has not been vetted and approved by IT.
Collecting a list of apps and integrations that different departments or projects might need to carry out their job is a good place to start. These can be green lit, while others could be blocked to prevent shadow IT in Microsoft Teams. Also, be mindful that this type of audit of needs should be done periodically, as needs might change over time, and new expansions and customizations might be made available by Microsoft itself.
It is also worth considering a case where important information is stored in systems with which Microsoft Teams cannot integrate. How is such information made available in Teams? The Northern light in this case should be avoiding the duplication of data and the subsequent data sprawl; employees will have to be guided in this direction. Once more, depending on the case, it might be worth considering the addition of an information management system on top of Teams, a tool that usually offers more extensive and controlled integration capabilities.
As more and more organizations are implementing Microsoft Teams, problems start to arise in terms of creating information, managing information through its lifecycle and safeguarding information.
Today, most companies are subject to stringent demands in terms of information governance — in brief, how information is created, stored, accessed and archived. To make sure that organizations can use Microsoft Teams effectively for information governance, we believe guidelines should be drafted and shared with employees, touching on seven key questions that cover critical areas of information governance.
- How do we use Teams?
- Who can create information?
- How do we classify information?
- How is information moved around?
- How do we retain information?
- Who is the information for?
- Which apps and integrations are allowed?
When discussing these topics, two things should be considered.
First, decisions made should not be imposed on the workforce, otherwise information governance might be perceived as stifling productivity, and people might be forced to find a way around it. This can be prevented by involving key stakeholders in the discussion — people who have their finger on the pulse of employees’ needs and pain points. These stakeholders should work with IT and information governance experts to ensure the best possible balance between best practices and outcomes. These champions will also play a critical role in later stages of deployment, as they can train employees, answer their questions, evangelize the need for guidelines and, in general, ensure that the guidelines come to life in the day-to-day use of Microsoft Teams.
Then, it is probably wise not to expect such guidelines be carved in stone. The conversation about how to effectively use Microsoft Teams for information governance should be open, as the tool continues to evolve, and new needs might arise from the workforce.