How to organise your shared drive before it becomes a risk

Shared drives are the digital backbone of most general practices. From HR policies to patient templates, rotas to complaints logs, they hold everything your team needs to run the business of healthcare. But without structure, naming conventions or access controls, your shared folders can quickly become an unmanaged sprawl - one that increases the risk of data breaches, lost documents, or staff using outdated files. 

Information governance isn’t just about cyber attacks or policy audits. Sometimes the biggest threats come from something as simple as someone opening the wrong folder, emailing the wrong version, or deleting a document by mistake. Here’s how to get your shared drive in order - before CQC, your DPO, or a breach forces your hand. 

Why shared drive organisation matters

A messy shared drive is more than a nuisance. It creates real risks: 

• Outdated templates used in patient care. 

• Staff confusion about where to save or find files. 

• Sensitive files left in open-access folders. 

• Multiple versions of policies in circulation. 

• Difficulty responding to SARs or FOI requests. 

More importantly, if an incident occurs - like the wrong letter being sent, or a former employee accessing restricted documents - you need to show that reasonable precautions were in place. Organising your shared drive is a practical, low-cost way to reduce information risk and increase team confidence.

Signs your shared drive needs attention 

Not sure whether your drive is at risk? Look for these red flags: 

• Files saved to random or personal folders. 

• Old, unused documents from years ago. 

• No clear folder structure or naming conventions. 

• Documents with names like “FINAL FINAL v3.docx”. 

• Staff unsure where to save or find key items. 

• Passwords or patient data stored in unprotected formats. 

If any of these apply to you, it’s time to tidy up - before something goes wrong. 

A practical approach to sorting your shared drive 

1. Audit what you’ve got 

Before you start reorganising, get a clear picture of what’s already there. Use your system’s file explorer or a tool like TreeSize or WinDirStat to scan for: 

• File types (for example, spreadsheets, PDFs, images). 

• Largest files and folders.

• Duplicate or outdated files. 

• Files with potentially sensitive information. 

You may need help from IT support for this step - especially if you’re using a networked or cloud-based system. 

2. Create a clear folder structure 

Start with broad categories, then build down. For example: 

• Clinical templates. 

• HR and staffing. 

• Policies and protocols. 

• Governance and audit. 

• Patient leaflets. 

• Archived or legacy documents. 

Avoid overly complex nested folders - the deeper the structure, the harder it is to navigate. 

3. Set naming conventions 

Agree a standard way to name documents and folders. Consider: 

• Date format (for example, YYYY-MM-DD). 

• Version control (for example, v1, v2, FINAL). 

• Owner initials or team names if relevant. 

• Clear, concise titles - for example, “Complaints policy v2 2023”. 

Share this standard with all staff - and reinforce it regularly. 

4. Review permissions 

Check who has access to what. Not every member of staff needs access to everything. Make sure: 

• Sensitive files (for example, HR records, safeguarding notes) are restricted. 

• Shared folders have appropriate read/write settings. 

• Leavers’ access is removed promptly. 

Keep an access log or permissions list as part of your IG documentation.

5. Archive or delete old content

Hold a “file amnesty” - ask staff to identify documents they no longer use. Set a review period (for example, “files not accessed in the last two years”) and either: 

• Archive to a secure, labelled folder. 

• Delete if no longer needed and not legally required. 

Be cautious with clinical or statutory records - check retention policies before deletion. 

6. Train and involve the team 

This process won’t work unless your team buys in. Provide: 

• A short guide to the new folder structure. 

• A quick reference sheet for naming conventions. 

• Drop-in support or a named contact for questions. 

• Regular reminders in team briefings. 

You might even assign team leads or “folder champions” to keep their sections tidy. 

Keeping it clean: ongoing maintenance 

Once your drive is in good shape, keep it that way: 

• Schedule a mini clean-up every six months. 

• Include file management in staff inductions. 

• Review access permissions quarterly. 

• Add document control to your IG calendar. 

• Remind staff: if in doubt, ask before creating or moving a file. 

Final word: Tidy folders, tidy risks 

Shared drives may not feel like a top IG priority, but they’re where risk and routine collide. The more organised your system, the easier it is to work safely, respond to data requests and avoid accidental breaches. Sorting your drive won’t take forever - but ignoring it might. A few hours now could save you days of stress later.