NB! The numbers in the table refers to notes. The notes corresponding to the numbers are in the bottom of this page, under the heading Notes.
The colors in the table are based on the different classifications of information at UiO. →Read more about the different information classes and what they mean.
Also, refer to the Data Sharing Guide for information on the correct and legal sharing of information in the different information classes.
The Data storage guide does not constitute an exhaustive list. See the IT Service Catalog for supplementary information about specific services.
Storage on physical devices
Open (green) |
Restricted (yellow) |
In confidence (red) |
Strictly in confidence (black) |
|
---|---|---|---|---|
Privately owned computer | Yes | 11 | No | No |
UiO-owned computer, not UiO managed | Yes | 11 | No | No |
UiO owned and managed computer | Yes, 4 | Yes, 4 | Yes, 1, 3, 4, 15 | No |
UiO managed cell phone | Yes | Yes | Yes, 3, 4 | No |
Memory stick / external hard drive | Yes | No | No | No |
Memory stick / external hard drive – encrypted | Yes | Yes | 1, 3 | No |
Open (green) |
Restricted (yellow) |
In confidence (red) |
Strictly in confidence (black) |
|
---|---|---|---|---|
Private e-mail (Gmail, Hotmail etc.) |
Yes | No | No | No |
UiO e-mail | Yes | Yes | 2, 3, 14 | No |
Storage services
Open (green) |
Restricted (yellow) |
In confidence (red) |
Strictly in confidence (black) |
|
---|---|---|---|---|
Personal cloud service (Dropbox, Google Drive etc.) |
Yes | No | No | No |
UiO Home directory (?M:-drive?) | Yes | 9 | Yes, 14 | No |
UiO shared drive for your unit or research group | Yes | Yes | Ja, 6 | No |
UiO Dropbox | Yes, 9 | Yes, 9 | No | No |
UiO Google Suite for Education | Yes, 9 | Yes, 9 | No | No |
Microsoft 365 for UiO (cloud storage for Office, Teams, SharePoint, OneDrive) | Yes | Yes, 9 | 3, 9, 15, 17 | No |
UiO TSD | Yes | Yes | Yes | Yes |
UiO "Storage hotel" | Yes | Yes | 6 | No |
UiO personal researcher storage | Yes, 9 | Yes, 9 | 6 | No |
Sigma2 | Yes | Yes | No | No |
NREC (previously UH-IaaS) | Yes | Yes | No | No |
Administrative services
Open (green) |
Restricted (yellow) |
In confidence (red) |
Strictly in confidence (black) |
|
---|---|---|---|---|
UiO ePhorte and Elements | Yes | Yes | Yes | No |
UiO's payroll and personnel system | Yes | Yes | Yes | No |
Content management systems (CMS)
Open (green) |
Restricted (yellow) |
In confidence (red) |
Strictly in confidence (black) |
|
---|---|---|---|---|
Vortex | Yes | Yes | 6 | No |
UiO Wiki | Yes | Yes | No | No |
Other services
Open (green) |
Restricted (yellow) |
In confidence (red) |
Strictly in confidence (black) |
|
---|---|---|---|---|
UiO Nettskjema | Yes | Yes | 5 | 5 |
UiO Request Tracker (RT) | Yes | Yes | 10 | No |
UiO Canvas | Yes | Yes | No | No |
UiO Mattermost | Yes | Yes | 13 | No |
UiO Zoom (uio.zoom.us) | Yes | Yes | 12 | No |
GIT for UiO (github.uio.no) | Yes | Yes | Yes | No |
Special Considerations for Research Data
Two types of data used in research require special attention. These are linkage keys, which in specific cases are used to connect anonymous data to individuals, and consent forms, which pertain to individuals' submitted information.
As a general rule, linkage keys and consent forms should always be stored separately from the data they belong to and are initially classified in the same category as the data. In TSD (Services for Sensitive Data), there are dedicated solutions for storing linkage keys and consent forms.
Notes
- Red data can be stored on a laptop with a fully encrypted disk, an encrypted memory stick or an encrypted external hard drive. The encrypytion must, at all times, meet the demands given in LSIS.
- Red data should not be sent openly via email. Red data can be sent by email if the content is encrypted with approved encryption before sending. See our guide on sensitivity labels and encryption in Microsoft 365. Otherwise, refer to LSIS for the applicable requirements.
- Red data can not be exported, downloaded, synchronized or collected to the home disk, laptops without an encrypted disk or other storage which is not approved for red data.
- In general, it is not recommended to store data or documents on the local drive of your computer or workstation.
- UiO Nettskjema supports collecting information and transferring it directly to TSD, which is approved for storing black data. Red data collected in Nettskjema should be deleted within a reasonable time or moved to, for example, research storage, shared areas, or Elements/ePhorte. See note 6. Nettskjema's dictaphone and image app stores data encrypted and is considered suitable for use on private devices as well..
- Red data can be stored in Vortex, on shared areas, or at UiO's data storage hotel following a special assessment and implementation of appropriate and proportional security measures, including access control.
- Red data can be processed in Educloud Research, but it is presumed that assessments are conducted as described in the user terms. Note that only TSD (Services for Sensitive Data) is approved for storing and handling directly identifiable health information.
- This category has expired.
- Information meant for sharing with your colleagues should not be stored in your home directory.
- Red data may be kept and handled in Request Tracker (RT) if you make an individual assessment of the risks. Care must be taken to ensure that red data is not put in open queues. Routines must be in place to ensure that red data is deleted.
- As a rule, yellow data is not allowed on your private laptops or computers. However, some limited use is accepted if you comply with the guidelines for using private computers.
- Red data are allowed in Zoom as long as they are streamed and not recorded. Recordings of red data in Zoom are allowed if you make an individual risk assessment of the data and its content. The recordings must be stored in accordance with this guide.
- Red data may be discussed in UiO Mattermost if the team is configured for IT staff.
- Exception: Red data resulting from cleaning up personal email in connection with the migration of email to Exchange Online in 2024 can be stored on the UiO home directory (M:). This exception only applies to administrative red data.
- Red data can be processed in Microsoft 365 services if encrypted with a sensitivity label or other approved encryption. See our guide on sensitivity labels and encryption in Microsoft 365. Refer to LSIS for current encryption requirements (Norwegian only).
- Note that folders often synchronize files to cloud storage services. This includes, for example, Desktop and Documents on most UiO computers. Refer to the requirements for the relevant cloud storage services in the storage guide.
- It is permitted to process red administrative and management data, which includes information related to administration, organizational operations, case handling, and governance, in Microsoft 365 for UiO (including services such as Office, Teams, SharePoint, and OneDrive). It is not permitted to process red research data in Microsoft 365.
Approved by the IT director 28. august 2018. Last updated in March 2025.