
Google Drive Security Audit Checklist

A repeatable 10-step checklist for auditing Google Drive security. Walk through it once a quarter (or monthly for sensitive accounts) and you'll catch the vast majority of access issues before they turn into incidents.

The checklist works for individual Google accounts and for Workspace tenants. It uses the free DriveAuditr Google Sheets template to produce the data you'll filter against.

Before you start

Run the audit so you have a spreadsheet of every file and every permission to filter:

  1. Get the free DriveAuditr template (link emailed instantly).
  2. Make a copy to your own Drive.
  3. Click Drive Audit → Run Audit Now.
  4. Wait for the "Drive Audit" tab to populate.

Now work through the checklist below, applying each filter to that sheet.


1. Public link shares

Filter: Permission type = anyone

Every row is a file accessible without login to anyone holding the URL. Decide for each one: revoke, downgrade to reader, or document as intentionally public.

Particular danger: any row where Role = writer — anyone with the link can edit.

2. Public files with edit access

Filter: Permission type = anyone AND Role = writer

These are P0. Public + editable means anyone with the link can change or destroy the file's contents. Revoke immediately or downgrade to reader.

3. External user shares

Filter: Domain ≠ your company domain AND Permission type = user

These are direct shares to people outside your organization. Sort by Email to spot former contractors, ex-employees, vendors who finished projects, and personal Gmail addresses that probably shouldn't be on company files.

4. External domain shares

Filter: Permission type = domain AND Domain ≠ your company domain

This finds files shared with all users at another domain — almost as broad as a public link, and often the lingering result of a long-finished partnership.

5. Files shared with personal email addresses

Filter: Domain is one of gmail.com, yahoo.com, outlook.com, hotmail.com, icloud.com, etc.

Personal addresses on company files are a common compliance violation. Even if the user is internal, they shouldn't be using a personal account to access work files.

6. Stale shares on dormant files

Filter: File modified more than 18 months ago AND Permission type ∈ {anyone, domain, user} (with external domain)

Dormant files with broad access are the easiest cleanup target. Nobody is using them, but they still expand your sharing surface area. When in doubt, revoke and ask later — a forgotten file rarely gets re-requested.

7. Ownership concentration

Group by: Owner

If a single account owns the majority of business-critical files, that's a continuity risk — if that user leaves, ownership transfer becomes painful. For Workspace tenants, consider moving high-importance documents into Shared Drives where the organization owns the file rather than an individual.

8. Shared Drives membership

Filter: files where the file path indicates a Shared Drive, group by Shared Drive name.

For each Shared Drive, confirm:

  • Is the membership list current? Remove anyone who left the project.
  • Is the default access level (Manager / Content Manager / Contributor / Commenter / Viewer) appropriate?
  • Is it still active, or can it be archived?
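The eight filter and group-by steps above, applied in code to rows of the "Drive Audit" tab, as an added example that is not DriveAuditr's own code: it assumes the row columns (file, path, owner, modified, type, role, email, domain), an example company domain of example.com, and a fixed audit date, and the handful of sample rows are constructed inline so it runs offline.

```javascript
// Added example, not DriveAuditr's code: checklist steps 1-8 as predicates and
// groupings over audit rows. Column names, the company domain and the audit date
// are assumptions made for this example.
const COMPANY_DOMAIN = "example.com";                      // assumption: your Workspace domain
const PERSONAL_DOMAINS = new Set(["gmail.com", "yahoo.com", "outlook.com", "hotmail.com", "icloud.com"]);
const STALE_DAYS = 18 * 30;                                // step 6: modified more than 18 months ago
const AUDIT_DATE = new Date("2025-01-15");                 // constructed, so the results are deterministic

// Constructed sample rows: one row per (file, permission) pair, as the audit sheet lists them.
const ROWS = [
  { file: "Q3 Budget",            path: "Shared drives/Finance/Q3 Budget", owner: "Finance (Shared Drive)", modified: "2024-11-02", type: "user",   role: "writer", email: "alice@example.com",       domain: "example.com" },
  { file: "Launch plan",          path: "My Drive/Launch plan",            owner: "bob@example.com",        modified: "2024-12-20", type: "anyone", role: "writer", email: "",                        domain: "" },
  { file: "Vendor contract 2022", path: "My Drive/Vendor contract 2022",   owner: "bob@example.com",        modified: "2022-03-09", type: "user",   role: "reader", email: "carol@vendor.example",    domain: "vendor.example" },
  { file: "Team handbook",        path: "My Drive/Team handbook",          owner: "bob@example.com",        modified: "2024-10-01", type: "domain", role: "reader", email: "",                        domain: "partner.example" },
  { file: "Notes",                path: "My Drive/Notes",                  owner: "dave@example.com",       modified: "2024-09-14", type: "user",   role: "reader", email: "dave.personal@gmail.com", domain: "gmail.com" },
  { file: "Old roadmap",          path: "My Drive/Old roadmap",            owner: "bob@example.com",        modified: "2021-06-30", type: "anyone", role: "reader", email: "",                        domain: "" },
];

const isExternal = (domain) => domain !== "" && domain !== COMPANY_DOMAIN;
const daysSinceModified = (row) => (AUDIT_DATE - new Date(row.modified)) / 86400000;

// Steps 1-6 are row filters; each predicate mirrors the "Filter:" line of its step.
const CHECKS = {
  publicLinks:      (r) => r.type === "anyone",                                         // 1
  publicEditable:   (r) => r.type === "anyone" && r.role === "writer",                  // 2 (P0)
  externalUsers:    (r) => r.type === "user" && isExternal(r.domain),                   // 3
  externalDomains:  (r) => r.type === "domain" && isExternal(r.domain),                 // 4
  personalEmails:   (r) => PERSONAL_DOMAINS.has(r.domain),                              // 5
  staleBroadAccess: (r) => daysSinceModified(r) > STALE_DAYS &&                         // 6
                           (r.type === "anyone" || (["domain", "user"].includes(r.type) && isExternal(r.domain))),
};

// Returns { checkName: [file, ...] } so each list can be worked through as a queue.
function runChecks(rows) {
  const findings = {};
  for (const [name, predicate] of Object.entries(CHECKS)) {
    findings[name] = rows.filter(predicate).map((r) => r.file);
  }
  return findings;
}

// Step 7: distinct files per owner, highest first, with each owner's share of all files.
function ownerConcentration(rows) {
  const filesByOwner = new Map();
  for (const r of rows) {
    if (!filesByOwner.has(r.owner)) filesByOwner.set(r.owner, new Set());
    filesByOwner.get(r.owner).add(r.file);
  }
  const total = new Set(rows.map((r) => r.file)).size;
  return [...filesByOwner]
    .map(([owner, files]) => ({ owner, files: files.size, share: Math.round((100 * files.size) / total) }))
    .sort((a, b) => b.files - a.files);
}

// Step 8: files grouped by Shared Drive, taking the name from a path of the form "Shared drives/<name>/...".
function filesBySharedDrive(rows) {
  const groups = {};
  for (const r of rows) {
    const m = /^Shared drives\/([^/]+)\//.exec(r.path);
    if (!m) continue;
    if (!groups[m[1]]) groups[m[1]] = new Set();
    groups[m[1]].add(r.file);
  }
  return Object.fromEntries(Object.entries(groups).map(([name, files]) => [name, [...files]]));
}

console.log(JSON.stringify(runChecks(ROWS), null, 2));
console.log(ownerConcentration(ROWS));
console.log(filesBySharedDrive(ROWS));
```

On the sample rows, "Launch plan" lands in both the public-link and public-editable lists, the 2022 vendor contract shows up under external users and again under stale broad access, and one owner holds four of the six files, which is the continuity risk step 7 is looking for.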

9. "Published to web" content

This isn't surfaced by the audit (it's a separate Drive feature), so it needs a manual pass for highly sensitive files:

  • Open each high-importance Doc/Sheet/Slide.
  • Go to File → Share → Publish to web; if the file is published, click "Stop publishing".

Most accounts have zero published files, so this step is fast.

10. Schedule the next audit

Drive Audit → Setup Weekly Schedule

The biggest mistake teams make is running a one-time cleanup and never repeating it. Sharing drift is constant — every week someone clicks "Anyone with the link" for a quick fix and forgets. Recurring audits catch those events while they're still recent enough to remember.

For high-sensitivity accounts (legal, finance, executive), schedule weekly. For most others, monthly is enough.


After the audit: what changed?

Once you've completed the checklist, save a snapshot of the spreadsheet (File → Make a copy, name it with today's date). The next time you audit, diff against the previous snapshot to see:

  • New external shares introduced this period
  • Public links added since last audit
  • Dormant access that's been cleaned up

Over a few quarters, the diff between audits becomes the audit itself — a much faster review than scanning thousands of rows from scratch.
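The snapshot diff described above, as an added example that is not DriveAuditr's own code: it keys each permission row on (file, permission type, grantee) so that a change in modified date does not register as a change in access, and reports the three categories listed above plus role changes such as a writer downgraded to reader. The row columns, the company domain and both snapshots are constructed for this example.

```javascript
// Added example, not DriveAuditr's code: diff two dated copies of the audit sheet.
// Column names and the company domain are assumptions; both snapshots are constructed.
const COMPANY_DOMAIN = "example.com";   // assumption: your Workspace domain
const STALE_DAYS = 18 * 30;             // same "dormant" threshold as checklist step 6

// Constructed snapshot from the previous audit.
const PREVIOUS = [
  { file: "Old roadmap",          type: "anyone", role: "reader", email: "",                     domain: "",               modified: "2021-06-30" },
  { file: "Vendor contract 2022", type: "user",   role: "reader", email: "carol@vendor.example", domain: "vendor.example", modified: "2022-03-09" },
  { file: "Q3 Budget",            type: "user",   role: "writer", email: "alice@example.com",    domain: "example.com",    modified: "2024-09-01" },
  { file: "Team handbook",        type: "user",   role: "reader", email: "bob@example.com",      domain: "example.com",    modified: "2024-10-01" },
];

// Constructed snapshot from this audit.
const CURRENT = [
  { file: "Q3 Budget",     type: "user",   role: "reader", email: "alice@example.com",   domain: "example.com",     modified: "2024-12-15" },
  { file: "Team handbook", type: "user",   role: "reader", email: "bob@example.com",     domain: "example.com",     modified: "2024-10-01" },
  { file: "Team handbook", type: "user",   role: "reader", email: "eve@partner.example", domain: "partner.example", modified: "2024-10-01" },
  { file: "Launch plan",   type: "anyone", role: "writer", email: "",                    domain: "",                modified: "2024-12-20" },
  { file: "Team handbook", type: "user",   role: "reader", email: "frank@example.com",   domain: "example.com",     modified: "2024-10-01" },
];

// A permission's identity: the file, the permission type and who it was granted to.
const permKey = (r) => `${r.file}|${r.type}|${r.email || r.domain || "-"}`;
const isExternalShare = (r) =>
  (r.type === "user" || r.type === "domain") && r.domain !== "" && r.domain !== COMPANY_DOMAIN;

function diffSnapshots(previous, current, auditDate) {
  const prev = new Map(previous.map((r) => [permKey(r), r]));
  const cur = new Map(current.map((r) => [permKey(r), r]));
  const dormant = (r) => (auditDate - new Date(r.modified)) / 86400000 > STALE_DAYS;

  const added = [...cur.values()].filter((r) => !prev.has(permKey(r)));
  const removed = [...prev.values()].filter((r) => !cur.has(permKey(r)));
  const roleChanges = [...cur.values()]
    .filter((r) => prev.has(permKey(r)) && prev.get(permKey(r)).role !== r.role)
    .map((r) => ({ key: permKey(r), from: prev.get(permKey(r)).role, to: r.role }));

  return {
    newExternalShares:    added.filter(isExternalShare).map(permKey),
    newPublicLinks:       added.filter((r) => r.type === "anyone").map(permKey),
    dormantAccessRemoved: removed.filter(dormant).map(permKey),   // cleanup of stale files confirmed
    otherRemoved:         removed.filter((r) => !dormant(r)).map(permKey),
    roleChanges,
  };
}

console.log(JSON.stringify(diffSnapshots(PREVIOUS, CURRENT, new Date("2025-01-15")), null, 2));
```

Internal shares that appeared since the last snapshot (frank@example.com here) are deliberately not reported, which is what keeps the diff small enough to review in minutes; widen `isExternalShare` if your policy treats new internal shares on sensitive files as review-worthy too.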

Common questions

Do I need a Workspace admin account to do this? Not for personal/individual audits. Yes, if you want a tenant-wide audit covering files you don't personally have access to — in that case, run the audit as a super-admin.

Will this script modify or delete anything? No. It's read-only. All remediation is done by you in the Drive UI after reviewing the audit output.

How long does the audit take? A few minutes for under 500 files, up to several hours for 10,000+ files (Apps Script processes in batches due to a 6-minute per-execution limit).

Need help adapting this checklist to your environment? Email driveauditr@terrydjony.com.