SharePoint & File Sharing Best Practices
This guide outlines best practices for using SharePoint and OneDrive at Viva Day Spa. Our goal is to create a simple, secure, and consistent way for teams to store, share, and collaborate on files—while avoiding duplication, confusion, and security risks.
Foundation
When to Use SharePoint vs. OneDrive
SharePoint: Team & Department Files
Use SharePoint for files that belong to a team, department, or location and need to be accessed by multiple people. These files should remain with Viva Day Spa even if an employee leaves.
  • HR documents and policies
  • Manager reports and procedures
  • Marketing assets
  • Financial or operational documents
OneDrive: Personal Work Files
Use OneDrive for files that are drafts or work-in-progress, owned by one individual, and do not need ongoing team access.

Important: OneDrive is not a long-term storage solution for shared business files.
Organization
Folder & Site Organization Standards
Each department or functional area will have its own SharePoint site. Folder structures should be kept simple and shallow to avoid deeply nested folders that create confusion.
Recommended Folder Naming
  • Use plain language
  • Avoid initials or unclear abbreviations
  • Use year-based folders when applicable (e.g., 2025 Reports)
Naming Convention
File Naming Best Practices
Consistent file names reduce confusion and version issues, especially during migration. Use this recommended format: Department – Description – Date (YYYY-MM-DD)
Real Viva Examples
  • HR – Employee Handbook – 2025-01-01.docx
  • Finance – Q4 Budget Forecast – 2025-11-15.xlsx
  • Marketing – Spring Promo Calendar – 2026-03-01.xlsx
  • Operations – Service Menu Updates – 2025-09-10.docx
  • Analytics – Monthly KPI Dashboard – 2025-12-31.xlsx
Avoid These Mistakes
  • Final_FINAL_v3_REAL.xlsx
  • Final_v2_REAL_FINAL.docx
  • Special characters like # % & *
Collaboration
Collaboration & Version Control
01
Use Built-in Version History
Instead of saving multiple copies, rely on SharePoint's version history to track changes over time.
02
Co-author Directly in SharePoint
Work on files together in real-time whenever possible to maintain a single source of truth.
03
Avoid Local Downloads
Don't download files, edit locally, and re-upload. This creates conflicts and version issues.
Best Practice: Always edit files directly from SharePoint or Teams to prevent conflicts.
Security
Sharing & Permissions Guidelines
Internal Sharing
Permissions are assigned at the site or folder level, not individual files whenever possible. Access is typically managed through security groups, not individual users.
External Sharing
External sharing should be limited and intentional. Only share specific files or folders—not entire sites. External access should be reviewed periodically.

If unsure, contact IT before sharing externally.
Do's and Don'ts
Do
Store shared files in SharePoint
Use Teams to access and collaborate on SharePoint files
Keep folder structures clean and consistent
Ask IT when unsure about permissions or sharing
Don't
Store important team files only in OneDrive
Email file attachments when a SharePoint link will work
Create duplicate copies across multiple locations
Change permissions without approval
Migration Strategy
Migration Approach & Governance
Pilot Migration
Files placed into functional SharePoint libraries (HR, Finance, Marketing, etc.)
AI-Assisted Categorization
Initial file categorization performed using AI to accelerate placement into correct libraries
Review & Validation
Business owners review and correct categorization during pilot phase
DefenTec Partnership
DefenTec IT: Your Cybersecurity & Compliance Partner
As Viva Day Spa's cybersecurity and IT partner, DefenTec ensures SharePoint is deployed securely, compliant with industry expectations for a medical spa environment, and sustainable long term.
Least-Privilege Access
Ensure all users only have access to data required for their role through security groups aligned to job function.
User & Device Compliance
Confirm all users and devices meet security standards, including MFA enforcement and device compliance controls.
Secure Architecture
Build SharePoint sites that separate general business data from sensitive content, reducing risk and simplifying audits.
Security Group Management
Implement and maintain security groups mapped to departments, leadership roles, and sensitive data access.
Compliance & Audit Readiness
Establish structure supporting periodic access reviews, reporting, and audits aligned with healthcare-adjacent environments.
Ongoing Support
Deliver clear documentation, user guidance, and continued support to ensure SharePoint remains secure and compliant.