System Usage Guide
If your intended solutions are for research purposes, please use the data storage solutions finder. The following table will indicate what services are acceptable for various uses. All export control data are required to be reviewed by the Export Control Office (exportcontrols@purdue.edu).
| Product | Data Type | Status & Guidelines |
|---|---|---|
| Isilon | Sensitive | Approved |
| Restricted | Existing use cases must be identified to PSS by emailing it@purdue.edu. New use cases should be stored in alternate solutions such as a Box REED folder. | |
| FERPA | Existing use cases must be identified to PSS by emailing it@purdue.edu. New use cases should be stored in alternate solutions such as a Box REED folder. | |
| GLBA | Existing use cases must be identified to PSS by emailing it@purdue.edu. New use cases should be stored in alternate solutions such as a Box REED folder. | |
| HIPAA | Prohibited | |
| Box.com (Standard) | Sensitive | Approved |
| Restricted | Prohibited | |
| FERPA | Prohibited | |
| GLBA | Prohibited | |
| HIPAA | Prohibited | |
| Box.com (REED Folder) | Sensitive | Approved |
| Restricted | Approved | |
| FERPA | Approved | |
| GLBA | Approved | |
| HIPAA | Approved | |
| Filelocker | Sensitive | Approved |
| Restricted | Approved | |
| FERPA | Approved | |
| GLBA | Approved | |
| HIPAA | Approved | |
| Microsoft OneDrive | Sensitive | Access should be limited to those with a business need. All sensitive data should be labeled with sensitivity labels. It is not advised to sync sensitive data to a computer. |
| Restricted | Prohibited | |
| FERPA | Prohibited | |
| GLBA | Prohibited | |
| HIPAA | Prohibited | |
| Microsoft SharePoint | Sensitive | Sensitive access should be limited to those with a business need. All sensitive data should be labeled with sensitivity labels. |
| Restricted | Access should be limited to those with a business need. All restricted data should be labeled with a sensitivity label and stored in a SharePoint Restricted Data Storage site. | |
| FERPA | Access should be limited to those with a business need. All restricted data should be labeled with a sensitivity label and stored in a SharePoint Restricted Data Storage site. | |
| GLBA | Access should be limited to those with a business need. All restricted data should be labeled with a sensitivity label and stored in a SharePoint Restricted Data Storage site. | |
| HIPAA | Prior to storing HIPAA data in SharePoint Restricted Data Storage, approval must be received from Purdue Systems Security - Information Assurance (email it@purdue.edu). | |
| Qumulo | Sensitive | Approved |
| Restricted | Prohibited | |
| FERPA | Prohibited | |
| GLBA | Prohibited | |
| HIPAA | Prohibited |
| Product | Data Type | Status & Guidelines |
|---|---|---|
| Microsoft Email | Sensitive | Encryption recommended. |
| Restricted | Prohibited | |
| FERPA | Prohibited | |
| GLBA | Prohibited | |
| HIPAA | Prohibited |
| Product | Data Type | Status & Guidelines |
|---|---|---|
| Microsoft Teams | Sensitive | Approved |
| Restricted | Prohibited | |
| FERPA | Prohibited | |
| GLBA | Prohibited | |
| HIPAA | Prohibited |
| Product | Data Type | Status & Guidelines |
|---|---|---|
| WebEx (Normal) | Sensitive | Approved |
| Restricted | Prohibited | |
| FERPA | Approved | |
| GLBA | Prohibited | |
| HIPAA | Prohibited | |
| Webex (Restricted) | Sensitive | Approved |
| Restricted | Approved | |
| FERPA | Approved | |
| GLBA | Approved | |
| HIPAA | Approved | |
| Zoom (Paid) | Sensitive | Zoom does not require multi-factor authentication and is not offered as a centrally supported service. Users have the ability to change system settings and therefore must ensure the environment configured is secure and compliant. When necessary, access should be granted to specific users rather than sharing account information. Storing recorded meetings in the cloud could expose protected data and should be avoided. |
| Restricted | Prohibited | |
| FERPA | Zoom does not require multi-factor authentication and is not offered as a centrally supported service. Users have the ability to change system settings and therefore must ensure the environment configured is secure and compliant. When necessary, access should be granted to specific users rather than sharing account information. Storing recorded meetings in the cloud could expose protected data and should be avoided. | |
| GLBA | Prohibited | |
| HIPAA | Prohibited | |
| Zoom (Free) | Sensitive | Prohibited |
| Restricted | Prohibited | |
| FERPA | Prohibited | |
| GLBA | Prohibited | |
| HIPAA | Prohibited |