Overview
To protect the mission and business of the university, it is critical that university users only use approved storage locations for university data. The following locations have been reviewed for appropriate technical and contractual controls to handle data consistent with U of I policies and standards.
University policy (APM 30.11) classifies data based on the risk, as "Low," "Moderate," or "High" to assist the university to remain compliant and to focus security controls on the data that presents the most significant risk. Services or locations below have been approved for the data classifications indicated. Individual departments, projects, or research areas may have specific, additional restrictions beyond the OIT defaults.
| Service |
Low Risk |
Moderate Risk |
High Risk |
| Files.uidaho.edu (S:) |
 |
|
|
| Local Hard Drive (Windows or macOS - only when encrypted and managed by OIT) |
|
|
|
| Microsoft 365: OneDrive 2 (replacement for U:) |
|
|
|
| Microsoft 365: Sharepoint / Teams Storage 2 |
|
|
|
| Microsoft 365: Sharepoint / Storage-* sites (replacement for S:) |
|
|
|
| Adobe Creative Cloud (when managed by OIT and used only on an OIT-managed device, otherwise Low only) |
|
|
|
| Storage provided by Research Computing and Data Services (RCDS), including Falcon, unless otherwise labeled |
|
|
|
| Secure Data Enclaves provided by OIT and RCDS, with an approved System Security Plan (SSP) |
|
|
|
1 While encrypted local hard drives are approved, it is strongly recommend that you always minimize any local storage, especially of any high risk data.
2 External sharing and collaboration enabled, but owners must still limit access to those with a legitimate educational interest or need to know.
Google Drive, DropBox, Box, iCloud, Nextcloud and more are not approved University of Idaho data storage locations. This is not necessarily because these storage solutions are inherently unsafe, but because they have not been assessed for the technical and contractual controls required of almost any non-public university data. To ensure the university remains compliant with all applicable laws, contracts, grant requirements, and policy, U of I performs vendor security assessments and signs agreements with Microsoft and other vendors that protect our data. The technical and contractual controls makes sure we remain in control of that data and can respond to legal and public records requests when required.
If you have questions about storage options, data classifications or safety of your data, please submit a request through here to the OIT Security Office.