Add some best practice recommendations

[warmanaMOJ]

{product} is approved for storage of OFFICIAL and OFFICIAL-SENSITIVE material. The additional points below are recommendations that are helpful in regards to file storage:

• Files relating to Service Users should be stored in the appropriate Information Management System. We would not recommend for files relating directly to Service Users or containing lists of Service User information to be stored in teams – even if this is a duplicate copy – as these files are likely to be subject to organisational Information Security policies and processes.
• If a {product} chat, or channel, is intended to be deleted, it’s recommended that the owner of that chat or channel first checks whether there are any files that need to be retained – whether this be because they’re subject to a retention period, or other Information Security process, or would need to be referred to at a later date.
• It’s recommended that the owner of a chat or channel carries out regular checks of the files stored against that chat or channel. If a file needs to be moved to either a shared file storage area, or other appropriate location, this should be actioned avoiding duplicate records where possible. This would be to reduce the risk of files being unknowingly deleted and ensuring that files comply with local guidance.
• While the copying of files can take place in {product} and would be helpful in some cases, it’s recommended that files are not copied between channels or chats or to {storage} if the information would be subject to organisational Information Security processes, or may become out of date through a "primary" copy being changed or updated.
• It’s recommended that files that are not owned by the MoJ are not stored on {product}. They should be held in compliance with Information Sharing Agreements, local guidance and organisational Information Security policies and processes.