NB! The numbers in the table refers to notes. The notes corresponding to the numbers are in the bottom of this article.
Storing on a Mac, PC or hard drive
| Open (green) |
Restricted (yellow) |
In confidence (red) |
Strictly in confidence (black) |
|
|---|---|---|---|---|
| Privately owned laptop (BYOD) | Yes | 11 | No | No |
| Privately owned home computer | Yes | 11 | No | No |
| UiO owned home computer | Yes | 11 | No | No |
| Desktop maintained by UIO (local hard drive) |
4 | 4 | 4 | No |
| Laptop maintained by UiO – not encrypted (soon to be phased out) |
8 | 8 | No | No |
| Laptop maintained by UiO – encrypted | Yes | Yes | 1, 3 | No |
| Memory stick / external hard drive | Yes | No | No | No |
| Memory stick / external hard drive – encrypted | Yes | Yes | 1, 3 | No |
| Open (green) |
Restricted (yellow) |
In confidence (red) |
Strictly in confidence (black) |
|
|---|---|---|---|---|
| Private e-mail (Gmail, Hotmail etc.) |
Yes | No | No | No |
| UiO e-mail | Yes | Yes | 2, 3 | No |
Storage services
| Open (green) |
Restricted (yellow) |
In confidence (red) |
Strictly in confidence (black) |
|
|---|---|---|---|---|
| Personal cloud service (Dropbox, Google Drive etc.) |
Yes | No | No | No |
| UiO Home directory (?M:-drive?) | Yes | 9 | No | No |
| UIO shared storage for your unit or research group | Yes | Yes | 6 | No |
| UiO Dropbox | Yes | Yes | No | No |
| UiO Google Suite for Education | Yes | Yes | No | No |
| UiO OneDrive (Microsoft 365) | Yes | Yes | No | No |
| UiO TSD | Yes | Yes | Yes | Yes |
| UiO "Storage hotel" | Yes | Yes | 6 | No |
| UiO personal researcher storage | Yes | Yes | 6 | No |
| NREC (previously UH-IaaS) | Yes | Yes | No | No |
Administrative services
| Open (green) |
Restricted (yellow) |
In confidence (red) |
Strictly in confidence (black) |
|
|---|---|---|---|---|
| UiO ePhorte | Yes | Yes | Yes | No |
| UiO self-service portal (SAP) | Yes | Yes | Yes | No |
Content management systems (CMS)
| Open (green) |
Restricted (yellow) |
In confidence (red) |
Strictly in confidence (black) |
|
|---|---|---|---|---|
| Vortex | Yes | Yes | 6 | No |
| UiO Wiki | Yes | Yes | No | No |
Other services
| Open (green) |
Restricted (yellow) |
In confidence (red) |
Strictly in confidence (black) |
|
|---|---|---|---|---|
| UiO Nettskjema | Yes | Yes | 5 | 5 |
| UiO Request Tracker (RT) | Yes | Yes | 10 | No |
| UiO Canvas | Yes | Yes | No | No |
| UiO CIM | Yes | Yes | Yes | No |
| UiO Instant Messaging (XMPP - chat.uio.no) |
Yes | 7 | 7 | No |
| UiO Mattermost | Yes | Yes | 13 | No |
| UiO Skype for business | Yes | Yes | No | No |
| UiO Teams | Yes | Yes | No | No |
| UiO Zoom (uio.zoom.us) | Yes | Yes | 12 | No |
Notes
- Red data can be stored on a laptop with a fully encrypted disk, an encrypted memory stick or an encrypted external hard drive. The encrypytion must, at all times, meet the demands given in LSIS.
- E-mails with red data can be sent internally at UiO between UiO users. If e-mails with red data is to be sent to external recipients, the content has to be encrypted before sending it. See LSIS for the applicable requirements. These kinds of e-mails must NOT be synchronized with a private laptop or mobile phone.
- Make sure that red data can not be downloaded or collected to the home disk, laptops without an encrypted disk or other storage that cannot store red data.
- In general, it is not recommended to store data or documents on the local drive of your computer or workstation.
- Nettskjema supports gathering information for immediate transfer into TSD. TSD is approved for storing red as well as black data.
- Red data may be stored in Vortex, on your shared research network drive or in the UiO Storage Hotel, if you make an individual risk assessment of the data and its content.
- Yellow and red data may be processed in UiO XMPP if the chatroom has access control.
- This category is expiring soon. From Q3 in 2018, all laptops maintained by UiO will have fully encrypted hard drives.
- Information meant for sharing with your colleagues should be placed in a shared network drive, not in your home directory.
- Red data may be kept and handled in Request Tracker (RT) if you make an individual assessment of the risks. Care must be taken to ensure that red data is not put in open queues. Routines must be in place to ensure that red data is deleted.
- As a rule, yellow data is not allowed on your private laptops or computers. However, some limited use is accepted if you comply with the guidelines for using private computers.
- Red data are allowed in Zoom as long as they are streamed and not recorded. Recordings of red data in Zoom are allowed if you make an individual risk assessment of the data and its content. The recordings must be stored in accordance with this guide.
- Red data may be discussed in UiO Mattermost if the team is configured for IT staff.
Approved by the IT director 28. august 2018.