
Keeping it confidential: 4 steps to keep internal documents safe on SharePoint

“Can I keep confidential documents on SharePoint? Are they safe?” These questions are at the top of the list for every potential new SharePoint user. Why is this so important? SharePoint allows users to create libraries and upload any kind of content: from internal processes to finance reports to payroll data. Some of this content should only be seen by certain employees.


Confidentiality is an integral part of compliance. When you started to build your compliance infrastructure, identifying confidential content was part of the first steps. The best way to do this is by creating a comprehensive policy with your IT team or your SharePoint service provider when implementing your intranet. This policy should be enforced and monitored effectively. It should also be discussed with employees and users to avoid problems and misunderstandings. This also helps them understand the importance of confidential documents and the right way to manage them.



So how can you create a comprehensive confidentiality policy? These 4 tips can help.

  1. Be specific about what content is permissible:

List the types of documents that can be stored in SharePoint. Specify who has access to which documents and the level of access each person has. This means that the policy needs to be clear about who is allowed to publish, see, download or review documents. For example, any finance employee can upload Excel sheets, but only the Finance Director has the authority to review and edit them.

  2. Continually train employees:

Educate them about the importance of privacy and confidentiality. Create Terms of Service when deploying SharePoint for the first time and update them periodically. Make sure your IT department notifies users when changes are made to the terms of use.

  3. Create classifications to guide behaviors:

Ask your IT department or SharePoint provider to program a pop-up that appears every time a user tries to access a document without authorization. The notification will tell them the types of content allowed and the types of documents they have access to.

  4. Enforcing policies is a must:

IT managers must send a notification immediately if someone tries to access confidential documents without authorization. If the same employee commits several violations, appropriate action must be taken.

Keep in mind that levels of access have to be updated continually, especially if your company has terminated employees or has moved an employee to another department. Another good practice is to ask your users to change their passwords every three to four months. Remember, confidentiality and security are priorities for any company that needs to be in compliance.
