Cloud storage refers to any program owned by a third party that allows you to upload your data using the Internet. An advantage of cloud storage is that you can easily access and synchronize your data from multiple devices anywhere in the world, and you can share your information with anyone you want. This type of online storage can make you more productive, but it also comes with security risks.
In accordance with UTS165 Information Resources Use and Security Policy and the Information Resources Acceptable Use Policy, UT System Administration employees must use an approved cloud storage provider when storing University Data. System Administration has approved OneDrive for our storage and collaboration needs.
For more information on cloud storage services, access the UT System Administration Cloud Storage SharePoint page: https://community.utsystem.edu/sites/infosec/SitePages/cloudstorage.aspx (login required).
Data Type |
UT System |
Personal Data |
Y |
Published Data |
Y |
Controlled Data |
Y |
Confidential Data |
|
-PII/SSN |
Y |
-FERPA/GLBA |
Y |
-PHI/HIPAA |
Y** |
-PCI |
N |
-Research Data/IRB |
Ask |
|
|
UT System contract |
Y |
Support |
Y |
File upload limit |
10GB |
Storage quota |
Unlimited |
Authentication |
SNAC |
For more information on OneDrive or if OneDrive does not meet your business needs, you should contact infosecurity@utsystem.edu to discuss alternative solutions and to request an exception to UT System policy, if necessary. For more information on types of University data, please refer to the table below.
Data Classification
Description |
Examples |
Comments |
Confidential Data Data is classified as confidential if it must be protected from unauthorized disclosure or public release based on state or federal law or regulation, and by applicable legal agreement to the extent permitted by law. |
|
Data cannot simply be declared to be confidential. This classification is reserved for information that is protected from public release based on state or federal law, or a legally binding order or agreement. Likewise, data cannot be declared to be confidential under all circumstances. Context is an essential element. (In relation to the Federal Standards for Security Categorization of Federal Information and Information Systems , FIPS 199, this category equates to HIGH IMPACT for a Confidentiality, Integrity, and Availability breach) |
Controlled Data The Controlled classification applies to data that is not generally created for or made available for public consumption, but may be subject to release to the public through request via the Texas Public Information Act or similar State or Federal law. |
|
This classification likely encompasses the greatest volume of Data within the University. (In terms of FIPS 199, this category equates to MODERATE IMPACT for a Confidentiality, Integrity, and Availability breach) |
Published Data Published data includes all data made available to the public through posting to public websites, distribution through email, social media, print publications, or other media. |
|
Information can migrate from one classification to another based on Information life-cycle. Unpublished Research may fit the criteria of “Controlled Information” until published upon which it would become Published Information. (In terms of FIPS 199, this category equates to LOW IMPACT for a Confidentiality, Integrity, and Availability breach.) |