Overview
The table below is designed to be a quick reference to help users of the University of Oregon's information systems understand where data of different sensitivity levels can be stored.
UO's Information Asset Classification & Management Policy is available in the UO Policy Library.
Information Asset Classification & Management
Definitions of low risk (green), moderate risk (amber), and high risk (red) data are available in our data classification quick reference.
Special Notice: You must contact the Information Security Office BEFORE storing HIPAA data in any collaboration tool.
| Tool |
Low Risk (Green) |
Moderate Risk (Amber) |
High Risk (Red) |
Approved For: |
| Personal Computer |
* |
|
|
N/A |
| Personal Email (Gmail, Yahoo, etc) |
* |
|
|
N/A |
| Personal Cloud Services (G Suite - all tools, Amazon Web Services, etc.) |
* |
|
|
N/A |
| Personal Dropbox |
* |
|
|
N/A |
| UO Managed Computer |
|
|
|
FERPA |
| UOmail*** |
|
|
** |
FERPA |
| UO Dropbox |
|
|
** |
FERPA |
| UO OneDrive |
|
|
** |
FERPA, HIPAA |
| Qualtrics |
|
|
** |
FERPA, HIPAA |
| UO Azure (Webservers, CDN, etc.) |
|
|
** |
FERPA, HIPAA |
| UO Microsoft Teams |
|
|
** |
FERPA, HIPAA |
| UO SharePoint |
|
|
** |
FERPA, HIPAA |
| UO Network File Share |
|
|
** |
FERPA, HIPAA |
| USB/CD/External Media |
|
|
|
** |
| Canvas |
|
|
|
FERPA |
| UO Adobe Creative Cloud |
|
|
|
FERPA |
| UO Confluence and Jira |
|
|
** |
FERPA |
| UO Zoom |
|
|
** |
FERPA, HIPAA |
Legend
= Approved data storage location for this classification of data
= This location is unsuitable for this classification of data
* = If you must use your personal devices for university business, follow these guidelines
** = You must contact the Information Security Office BEFORE storing data in this location for the first time.
*** = Includes Email, Calendar, Contacts, Tasks
A downloadable PDF of this table can be found here, along with more resources and downloads.