Approved Storage Locations

Overview

 

Safely Storing Data

To protect the mission and business of the university, it is critical that university users only use approved storage locations for university data. The following locations have been reviewed for appropriate technical and contractual controls to handle data consistent with U of I policies and standards.

 

Data Classification

University policy (APM 30.11) classifies data based on the risk, as "Low," "Moderate," or "High" to assist the university to remain compliant and to focus security controls on the data that presents the most significant risk. Services or locations below have been approved for the data classifications indicated. Individual departments, projects, or research areas may have specific, additional restrictions beyond the OIT defaults.

 

Approved Storage

Service Low Risk Moderate Risk High Risk
Files.uidaho.edu (S:) yes yes yes
Local Hard Drive (Windows or macOS - only when encrypted and managed by OIT) yes yes yes
Microsoft 365: OneDrive 2 (replacement for U:)  yes yes  
Microsoft 365: Sharepoint / Teams Storage 2 yes yes  
Microsoft 365: Sharepoint / Storage-* sites (replacement for S:) yes yes  
Adobe Creative Cloud (when managed by OIT and used only on an OIT-managed device, otherwise Low only) yes yes  
Storage provided by Research Computing and Data Services (RCDS), including Falcon, unless otherwise labeled yes yes  
Secure Data Enclaves provided by OIT and RCDS, with an approved System Security Plan (SSP) yes yes yes

1 While encrypted local hard drives are approved, it is strongly recommend that you always minimize any local storage, especially of any high risk data.

2 External sharing and collaboration enabled, but owners must still limit access to those with a legitimate educational interest or need to know.

 

Non-Approved Storage Locations

Google Drive, DropBox, Box, iCloud, Nextcloud and more are not approved University of Idaho data storage locations. This is not necessarily because these storage solutions are inherently unsafe, but because they have not been assessed for the technical and contractual controls required of almost any non-public university data. To ensure the university remains compliant with all applicable laws, contracts, grant requirements, and policy, U of I performs vendor security assessments and signs agreements with Microsoft and other vendors that protect our data. The technical and contractual controls makes sure we remain in control of that data and can respond to legal and public records requests when required.

If you have questions about storage options, data classifications or safety of your data, please submit a request through here to the OIT Security Office.

 


 

100% helpful - 1 review
Request Service

Details

Article ID: 1670
Created
Thu 6/18/20 11:54 AM
Modified
Tue 3/19/24 4:05 PM

Related Articles (6)

Data security standards Overview
Overview, FAQ, and change log of the data security standards
Guidelines for Compliant Access to High Risk Data
This guide describes the current settings enforced for High Risk data access on macOS, Windows, iOS, and Android.
How to access and view OneDrive storage metrics?
How to access and view OneDrive Storage Metrics
How to identify "High Risk" data?
Information to help you identify different classifications of data, which may require different technical controls.
University Provided Adobe Software
The University licenses Adobe software for most of the University community to use.

Related Services / Offerings (2)

Not Seeing What You're Looking For?
Choose this if you have a Security or Records concern not listed above.
Whole Disk Encryption
I want to protect the information and high risk data stored on my computer.