Storage and communication services - acceptable practices

Purdue Data Handling Documentation and acceptable practices

Purdue's data handling documentation can be found at: https://www.purdue.edu/securepurdue/data-handling/index.php

The acceptable service use subsection contains an image that clarifies what services one can use to store what kinds of data: https://www.purdue.edu/securepurdue/data-handling/acceptable_service_use.php
The image on that page is repurposed below for ease of lookup and accessibility.

For example, Zoom cannot be used to display HIPAA data - however, Webex can. Similarly, Box.com cannot be used to store sensitive or restricted data unless one specifically requests a REED folder setup for such use. 

If you have any questions, please ContactUs before you start - we can likely save you a lot of trouble if you need to reclassify your storage after the fact.

 

 

 

Service Product Sensitive Restricted FERPA HIPAA GLBA CUI
Filesharing Box.com (Personal) N N N N N N
Filesharing Box.com (REED Folder*) Y Y Y Y Y N
Filesharing Filelocker Y Y Y Y Y !1
Filesharing Microsoft One Drive N N N N N N
Messaging Microsoft O365 Email N N N N N N
Collaboration Microsoft SharePoint N N N N N N
Collaboration Microsoft Teams !2 N N N N N
Conferencing Webex (Normal) Y   Y N N N
Conferencing Webex(Restricted) Y Y Y Y N N
Conferencing Zoom (Paid) ! 3 N ! 3 N N N
Conferencing Zoom (Free) N N N N N N

 

N Services that show this designation for a data classification should NOT be used.
! Services that show this designation for a data classification may be used with caution.
Y Services that show this designation for a data classification are fully approved to be used.

 

!1 Filelocker is intended to be used as a file transfer service and not for long-term storage.
!2 Microsoft Teams does not require multi-factor authentication and allows complex permissions to be set. Ensure access is limited to authorized users and never via a public link.
!3 Zoom does not require multi-factor authentication and is not offered as a centrally supported service. Users have the ability to change systems settings and therefore must ensure the environment as configured is secure and compliant. When necessary, access should be granted to specific users rather than sharing account information. Storing recorded meetings in the cloud could expose protected data and should be avoided.

* More information about the REED folder can be found here

Last modified: 2021/04/23 08:50:8.657995 GMT-4 by steven.e.schmidt.1
Created: 2021/04/15 02:30:30.652783 GMT-4 by sundeep.rao.1.

Categories

Search

Type in a few keywords describing what information you are looking for in the text box below.

Admin Options: Edit this Document