Approved Storage Locations



Safely Storing Data

To protect the mission and business of the university, it is critical that university users only use approved storage locations for university data. The following locations have been reviewed for appropriate technical and contractual controls to handle data consistent with U of I policies and standards.


Data Classification

University policy (APM 30.11) classifies data based on the risk, as "Low," "Moderate," or "High" to assist the university to remain compliant and to focus security controls on the data that presents the most significant risk. Services or locations below have been approved for the data classifications indicated. Individual departments, projects, or research areas may have specific, additional restrictions beyond the OIT defaults.


Approved Storage

Service Low Risk Moderate Risk High Risk (S:) yes yes yes
Local Hard Drive (Windows or macOS - only when encrypted and managed by OIT) yes yes yes
Microsoft 365: OneDrive 2 (replacement for U:)  yes yes  
Microsoft 365: Sharepoint / Teams Storage 2 yes yes  
Microsoft 365: Sharepoint / Storage-* sites (replacement for S:) yes yes  
Adobe Creative Cloud (when managed by OIT and used only on an OIT-managed device, otherwise Low only) yes yes  
Storage provided by Research Computing and Data Services (RCDS), including Falcon, unless otherwise labeled yes yes  
Secure Data Enclaves provided by OIT and RCDS, with an approved System Security Plan (SSP) yes yes yes
Google Workspace(only for specific constituents, and when accounts are managed by OIT) yes    

1 While encrypted local hard drives are approved, it is strongly recommend that you always minimize any local storage, especially of any high risk data.

2 External sharing and collaboration enabled, but owners must still limit access to those with a legitimate educational interest or need to know.

Google Workspace is now under contract with U of I, but is only approved for low risk data when used with a U of I ( account in context of a specific grant, project, or required application with an approved data management plan, security plan, and prior authorization from OIT. Gmail is not approved for communications (email) and OIT will not be supporting Google Workspace tools, only authentication and access to specific constituents or applications that require use of Google.


Non-Approved Storage Locations

Google Drive (except as noted above), DropBox, Box, iCloud, Nextcloud and more are not approved University of Idaho data storage locations. This is not necessarily because these storage solutions are inherently unsafe, but because they have not been assessed for the technical and contractual controls required of almost any non-public university data. To ensure the university remains compliant with all applicable laws, contracts, grant requirements, and policy, U of I performs vendor security assessments and signs agreements with Microsoft and other vendors that protect our data. The technical and contractual controls makes sure we remain in control of that data and can respond to legal and public records requests when required.


If you have questions about storage options, data classifications or safety of your data, please submit a request through here to the OIT Security Office.



100% helpful - 1 review
Request Service Print Article


Article ID: 1670
Thu 6/18/20 11:54 AM
Fri 5/24/24 11:05 AM

Related Articles (6)

Overview, FAQ, and change log of the data security standards
This guide describes the current settings enforced for High Risk data access on macOS, Windows, iOS, and Android.
How to access and view OneDrive Storage Metrics
Information to help you identify different classifications of data, which may require different technical controls.
The University licenses Adobe software for most of the University community to use.

Related Services / Offerings (2)

Choose this if you have a Security or Records concern not listed above.
I want to protect the information and high risk data stored on my computer.