Managing security with a Rolling Document

I've used rolling documents for years in many groups and projects, including communities with 1000s of ppl, and some operating under gaze of nations hostile to project success (re: Taiwan). I'd recommend waiting for a problem or security issue to arise before over-anticipating it. The simplicity afforded by everything in one place feels well worth the risk that some malicious person might view something that was in edit history for a day. (Though surely this opinion of mine is negated by certain content that might be in notes)

A friend and fellow cooperator dcwalk (who I've worked with on a lot of projects) had this great metaphor for how small groups sometimes confound themselves by over-indexing on outside forces conspiring to hurt them.

(My words, not hers for the rest) ppl often make decisions based on anticipated concerns that have never actually manifested in practice. They imagine that the enemy is coming from outside to hurt them, to prevent them from meeting their goals. But they don't realize the truth, that the enemy (of small groups doing good work against the odds) is almost always inside the group, it is ourselves and our processes and the burdens we put on ourselves. It is us losing energy, becoming demotivated or saddled with extra labour that flows from our strong values and sensitivities to detecting "not rightness" in the world. But we perhaps need to defend our energy for the big fights that are our mission work, not the small things that miiiight be an issue in just the right circumstances after several years (but in my experience, never manifest).

Basicallys, just like in the horror movies, the bad guy is not outside trying to get in, the bad guy is already inside the house. We might be best to make daily decisions more from that vantage point.

I've used rolling documents. On a practical level, you have to be really careful that they don't become unwieldy. I've witnessed co-ops lose whole days to rolling documents. Periodic archiving can be useful.

Regarding your concern about sensitive and valuable information, that is about who you allow access. In the same way that you wouldn't leave a physical office unlocked with sensitive information in an unlocked drawer, or hand out the keys to random passers-by, be careful about who has access to what information. If they don't have a right to inspect or edit information because they haven't made the commitment to the responsibilities of membership or directorship, why are you giving it to them?

You can always remove sensitive information into different linked documents that have a different level of security.

I would also say that if these documents constitute the minutes of General Meetings or Directors Meetings you should ensure you make a separate copy that cannot be tampered with and file this appropriately. I have known of documents to be tampered with (and hard copies removed) in the past when there has been serious dischord inside a co-op. If your co-op Directors or Members need to rely upon limited liability to protect them if the business is sued or wound up insolvent then the Minutes of your meetings are a crucial record to demonstrate that you did not invalidate your limited liability protection.

So I guess I'm saying rolling documents are "as well as" not "instead of" separate formal minutes.

I've used google docs, just lock them down so only people are allowed to see them can, and also remember to remove access once directors leave. Also export to PDF as regularly as you want, to have a uneditable snapshot if you are worried about it. At workers.coop we create a new rolling document for each year as the docment size just become a pain to load.