Acceptable Service Use
If your intended solutions are for research purposes, please use the data storage solutions finder. The following table indicates which services are acceptable for various uses. All export control data must be reviewed by the Export Control Office (exportcontrols@purdue.edu).
| Service | Product | Sensitive | Restricted | FERPA | GLBA | HIPAA |
|---|---|---|---|---|---|---|
| Fileservices | Isilon (Shared Drives)* | Approved | 1 | 1 | 1 | Not Approved |
| Filesharing | Box.com (Standard) | Approved | Not Approved | Not Approved | Not Approved | Not Approved |
| Filesharing | Box.com (REED Folder) | Approved | Approved | Approved | Approved | Approved |
| Filesharing | Filelocker** | Approved | Approved | Approved | Approved | Approved |
| Filesharing | Microsoft OneDrive | 2 | Not Approved | Not Approved | Not Approved | Not Approved |
| Filesharing | Microsoft SharePoint | 2 | 3 | 3 | 3 | 4 |
| Messaging | Microsoft Email | 5 | Not Approved | Not Approved | Not Approved | Not Approved |
| Collaboration | Microsoft Teams | Approved | Not Approved | Not Approved | Not Approved | Not Approved |
| Conferencing | Webex (Normal) | Approved | Not Approved | Approved | Not Approved | Not Approved |
| Conferencing | Webex (Restricted) | Approved | Approved | Approved | Approved | Approved |
| Conferencing | Zoom (Paid) | 6 | Not Approved | 6 | Not Approved | Not Approved |
| Conferencing | Zoom (Free) | Not Approved | Not Approved | Not Approved | Not Approved | Not Approved |
Legend and Usage Notes
- X: Services that show this designation for a data classification should NOT be used.
- See Note: Services that show this designation for a data classification may be used with caution.
- Services that show this designation for a data classification are fully approved to be used.
- *: Isilon is used for on-prem file services such as departmental share drives supported by Purdue IT.
- **: Filelocker is intended to be used as a file transfer service and not for long-term storage.
- 1: Existing use cases must be identified to PSS. This process can be initiated by sending an email to it@purdue.edu. New use cases should be stored in alternate solutions such as a Box REED folder.
- 2: Access should be limited to those with a business need. All sensitive data should be labeled with sensitivity labels.
- 3: Access should be limited to those with a business need. All restricted data should be labeled with a sensitivity label and stored in a SharePoint Restricted Data Storage site.
- 4: Prior to storing HIPAA data in SharePoint Restricted Data Storage, approval must be received from Purdue Systems Security - Information Assurance (email it@purdue.edu).
- 5: Encryption recommended.
- 6: Zoom does not require multi-factor authentication and is not offered as a centrally supported service. Users have the ability to change system settings and therefore must ensure the environment configured is secure and compliant. When necessary, access should be granted to specific users rather than sharing account information. Storing recorded meetings in the cloud could expose protected data and should be avoided.
Revised: June 5th 2024
Revised December 20th 2024: Reviewed and administrative changes made.
Revised July 31st 2025: Updated Acceptable Service Use chart.