Skip to main content

Storing or sharing restricted or critical data at IU

Guidance provided by the University Information Policy Office

Security and privacy Sep 26, 2022

The University Information Policy Office (UIPO) would like to remind current storage owners and those who might request new storage locations that you MUST use the Institutional Storage Request Form if storing or sharing restricted or critical data classifications on Google or Microsoft at IU storage platforms. This form will guide you through the considerations and requirements to ensure correct storage security and permissions. Storage ownership and settings are key to the security of data in cloud storage services.

Individually owned storage spaces such as Google at IU My Drive and Microsoft OneDrive at IU are never an appropriate place to share institutional data at Indiana University. Security settings in individual storage spaces do not meet the same requirements as the non-individual secure storage options, and they pose a risk of data being moved or lost if an employee moves departments or leaves IU.

It is important to use software and services that have been approved for use with institutional data. IU offers a Software and Services Selection Process (SSSP) to provide the necessary resources for departments to select solutions to meet their needs and to minimize threats to IU data. If a new external software or service is needed, the Third-Party Assessment (3PA) ensures that potential outside vendors appropriately handle the data that we share with them. Institutional data should not be disclosed or collected by any third-party services unless they have been approved through these processes.

For questions, please contact the UIPO at iudata@iu.edu.

More stories