Workflow stack · Document control

Files organised, permissioned, backed up, traceable.

Documents organised, permissioned, backed up, and traceable, so your team can find and trust the right version. Scellus runs the inventory, structure, access, and recovery as an operated workflow; you keep the governance decisions.

Book Workflow Review See the stack
Included
Permission map
Included
Backup + restore test
Included
Audit log

Stack readout · six controlled blocks

Built for law firms, professional services, and logistics teams with file-governance obligations, across Microsoft 365, Google Workspace, and cloud storage.

Where document control breaks today

There is storage. There is no control.

  1. Three copies, no source of truth.

    The live file sits on a shared drive, in an inbox, and on a laptop. Nobody is sure which copy is current.

  2. Permissions nobody decided.

    Access was inherited, never set. The wrong people can open folders; the right people are still locked out.

  3. A backup nobody has tested.

    There is a backup in theory. No one has run a restore, so no one knows if the file comes back.

  4. Audits become manual hunts.

    A request lands and two days vanish searching drives for files that should be one click away.

  5. Knowledge walks out the door.

    A senior leaves with the map: where files live, who can see them, and which folder matters.

  6. Sensitive files sit in the open.

    Client and staff records live where anyone can reach them, with no log of who opened what.

Operating truth

Storage is not control.

Control is the moment you can prove the right version is findable, correctly permissioned, recoverable, and logged, without asking the person who set it up.

The stack

Six blocks. One controlled store.

Document control runs the full public block sequence. It starts with a file inventory, passes through classification, permissions, and backup verification, pauses for governance judgement, then delivers a documented, recoverable, audited store.

  1. 01
    Collect
  2. 02
    Read
  3. 03
    Verify
  4. 04
    Chase
  5. 05
    Review
  6. 06
    Deliver

Blocks used

Each block has a source, an output, and an owner.

See the block library
01

Collect

Inventories every file across shared drives, cloud storage, inboxes, and local machines into one controlled index.

Your team Granting access to the drives and naming a storage owner.
02

Read

Classifies files, reads metadata, and builds the folder structure and naming the organisation should actually use.

Your team Confirming how matters, clients, or projects should be grouped.
03

Verify

Maps who can see what, checks access against role, and tests that backups actually restore, not just that they run.

Your team Approving the permission model and the retention rules.
04

Chase

Routes gaps, mis-filed documents, and access questions to the owner who can resolve them, with the file attached.

Your team Answering ownership and access questions.
05

Review

Holds governance exceptions for a named decision: unusual permissions, sensitive records, and retention edge cases.

Your team Signing off exceptions and the final structure.
06

Deliver

Hands over the documented structure, permission map, backup posture, restore-test results, and the audit log.

Your team Operating the organised store after handover.

What you receive

Not a tidy drive. An operating record.

The output is not just organised files. It is the evidence that the right version is findable, permissioned, recoverable, and logged.

  • A documented folder structure and naming convention your team can follow without guessing where a file belongs.

  • A permission map showing who can reach each area, mapped to role, with over-broad access already corrected.

  • A backup posture report covering what is backed up, how often, where it lives, and where the gaps were.

  • Restore test results: proof a real file came back, not just confirmation that a backup job ran.

  • A monthly governance report on access changes, new gaps, and the documents that moved or were retired.

  • An audit log linking file, owner, permission change, and review decision, ready for the next audit request.

The transition

What changes when Scellus runs document control.

Migration without the disruption

Today

A clean-up means a weekend of moved folders and a Monday of broken links and missing files.

We handle

We restructure in controlled batches, keep links and access working, and cut over only what has been verified.

Your team

Approves the structure and the cutover window.

Keeping the structure people know

Today

A new system arrives, everyone has to relearn where things live, so they quietly keep their own copies.

We handle

We preserve the folder logic your team already understands and document it, instead of imposing a new map.

Your team

Confirms the naming and grouping that matches how you work.

Recovery you can actually trust

Today

The backup is assumed to work. The first time anyone checks is the day something is already gone.

We handle

We test restores on real files and report what came back, so recovery is proven before you need it.

Your team

Decides which records must be recoverable, and how fast.

Division of labour

We run the queue. You keep judgement.

Scellus handles Your team owns

Inventory files across drives, cloud, inboxes, and devices

Provide access and name the storage owner

Design and document the folder structure and naming

Confirm how matters, clients, and projects are grouped

Map permissions to role and correct over-broad access

Approve the access model and retention rules

Verify backups and test restores on real files

Decide what must be recoverable and how fast

Hold governance exceptions for named review

Sign off exceptions and sensitive-record handling

Maintain the audit log and monthly governance report

Own who can access the audit pack

Compliance and data

Sensitive files stay traceable while they move.

Client, staff, matter, and operating records stay under PDPA 2010 and the 2024 Amendment. The plan names storage location, access owner, retention rule, and audit handoff before any file moves.

Where legal storage applies, Bar Council confidentiality and retention rules shape the permission model and the records that need holdback or named approval. Data residency is confirmed before processing.

Audit traceability is part of the deliverable: file, owner, permission change, review decision, backup state, and restore-test result, linked in one log.

Data handling · Security and governance

Integrations

We meet the storage you already run.

Microsoft 365

  • SharePoint document libraries
  • OneDrive for Business
  • Teams files and channels
  • Microsoft Entra ID for identity

Google Workspace

  • Drive and Shared Drives
  • Shared-drive membership and roles
  • Workspace groups and access
  • Google SSO and identity

Backup and identity

  • AWS S3 or equivalent object backup
  • Versioned and offsite copies
  • Identity providers, SSO, and RBAC
  • Restore-test and verification tooling

Operating cadence

Inventory, structure, then govern.

01

Week 1 to 2

Discovery and file inventory

We list storage locations, owners, sensitive areas, retention rules, and the documents an audit would ask for first.

Storage scope and owners agreed.
02

Build phase

Structure, permissions, and backup

Files are restructured in batches, permissions are mapped to role, backups are verified, and restores are tested before handover.

Documented structure and proven recovery.
03

Ongoing

Operate and govern

Access reviews, gap fixes, restore checks, and a monthly governance report keep the store in control after handover.

Control maintained, not assumed.

Indicative scope

Organised enough to trust. Logged enough to prove.

Build phase

Four to eight weeks

File inventory, folder structure, naming convention, permission mapping, access correction, backup verification, restore testing, governance exceptions, and the audit pack.

Operating retainer

Ongoing governance

Access reviews, gap fixes, restore tests, retention updates, monthly governance reporting, and audit support while the store stays in control.

Final scope, duration, and fee are confirmed at the Workflow Review against file volume, number of storage locations, data sensitivity, and recovery requirements.

What clients ask first

The questions that decide whether the store is ready.

Will this disrupt how we work day to day?

No weekend big-bang. We restructure in batches, keep access and links working, and cut over only verified areas, so the team keeps working through the change.

Do people have to relearn everything?

We preserve the folder logic your team already knows, document it, and change naming only where it removes confusion. The goal is less retraining, not more.

Can we keep our existing folder structure?

Usually yes. We start from what you have, fix what breaks governance such as permissions, duplicates, and gaps, then document the rest rather than rebuilding from zero.

How do we know recovery actually works?

We test restores on real files and report what came back and how long it took. Recovery is proven before you need it, not assumed.

Find out what document control would take in your team.

Start with the drives, the people who need access, and the files an audit would ask for first. We will map the structure, permissions, backup, and the first workflow to operate. Book a document-control Operations Review.

Book Workflow Review -> See data handling