The Documents That Belonged to a Person, Not the Organisation
The conversation started with a straightforward question: could we help a small organisation get its Microsoft 365 environment tidied up before a governance review? Reasonable enough. But when we started looking at how information was actually stored and managed, what we found was a problem that had nothing to do with tidiness.
The organisation's most important documents didn't really belong to the organisation. They belonged to the people who were managing them.
This isn't unusual. It's arguably the default state of most small organisations that haven't consciously designed their information governance. Documents get created by whoever needs them, stored wherever is most convenient, and managed by the person responsible for that area of work. Over time, institutional knowledge accumulates in personal OneDrives, email archives, and folders that only one person has ever really navigated.
It works, after a fashion, for as long as those people are there. The moment someone leaves — or is unexpectedly unavailable — the fragility of the arrangement becomes apparent very quickly.
In this case, a previous member of staff had managed several years of important correspondence and agreements. When they left, their account was closed in the normal way. What hadn't happened was any structured handover of the documents they'd been managing. Those documents were recoverable, as it turned out — but only because the organisation acted quickly and had a competent IT provider. The recovery process took time and created unnecessary anxiety ahead of a review that should have been straightforward.
The underlying issue wasn't the leaver. It was that nobody had ever made an active decision about where important information should live. The path of least resistance — keeping things where they were easiest to manage in the moment — had been followed consistently, because nobody had designed a better path.
When information governance isn't designed deliberately, it gets designed by accident. And accidental information governance tends to look like this: critical documents in personal accounts, permissions that have drifted from what was intended, no clear retention policy, and a growing dependence on specific individuals to know where things are and how to find them.
None of it feels like a problem until it is one.
The fix was straightforward once the immediate issue was resolved. We worked with the organisation to establish a simple, clear structure in SharePoint — not elaborate, not over-engineered, just consistent. Every category of document was given a defined home. Permissions were reviewed and set to reflect who actually needed access to what. A short offboarding checklist was put in place so that any future departure included a document handover step before accounts were closed.
Two pages of guidance for staff replaced what had previously been an unspoken assumption that everyone would figure it out. The principle was simple: if a document matters to the organisation, it should be stored somewhere the organisation can always reach it — regardless of who created it or who's currently responsible for it.
Cloud storage and good information governance are not the same thing. A file in someone's personal OneDrive is technically in the cloud. It's also inaccessible to everyone else and doesn't survive the closure of that person's account.
The question worth asking is not "do we have our documents?" but "could we find our documents tomorrow if the person who manages them wasn't available?" It's a simple question. In many organisations, the honest answer is more uncomfortable than expected.
It's also one of the more straightforward things to fix — and significantly easier to address before a governance review than during one.
