Norwegian version of this page

Data storage guide

Information processed at the University of Oslo has different protection needs. This guide informs you where you can securely and efficiently process, store and handle information, based on the classification it belongs to according to the classification guide. Click on the headings below to read more about the different main types of storage.  

NB! The numbers in the table refers to notes. The notes corresponding to the numbers are in the bottom of this page, under the heading Notes.

The colors in the table are based on the different classifications of information at UiO. →Read more about the different information classes and what they mean.

Also, refer to the Data Sharing Guide for information on the correct and legal sharing of information in the different information classes.

The Data storage guide does not constitute an exhaustive list. See the IT Service Catalog for supplementary information about specific services.

Storage on physical devices

  Open 
(green)
Restricted
(yellow)
In confidence
(red)
Strictly in confidence
(black)
Privately owned computer Yes 11 No No
UiO-owned computer, not UiO managed Yes 11 No No
UiO owned and managed computer Yes, 4 Yes, 4 Yes, 1, 34, 15 No
UiO managed cell phone Yes Yes Yes, 34 No
Memory stick / external hard drive Yes No No No
Memory stick / external hard drive – encrypted Yes Yes  1, 3 No

E-mail

  Open 
(green)
Restricted
(yellow)
In confidence
(red)
Strictly in confidence
(black)
Private e-mail 
(Gmail, Hotmail etc.)
Yes No No No
UiO e-mail Yes Yes 2, 3, 14 No

Storage services

  Open 
(green)
Restricted
(yellow)
In confidence
(red)
Strictly in confidence
(black)
Personal cloud service
(Dropbox, Google Drive etc.)
Yes No No No
UiO Home directory (?M:-drive?) Yes 9 Yes, 14 No
UiO shared drive for your unit or research group Yes Yes Ja, 6 No
UiO Dropbox Yes, 9 Yes, 9 No No
UiO Google Suite for Education Yes, 9 Yes, 9 No No
Microsoft 365 for UiO (cloud storage for Office, Teams, SharePoint, OneDrive) Yes Yes, 9 3, 9, 15, 17 No
UiO TSD Yes Yes Yes Yes
UiO "Storage hotel" Yes Yes  6 No
UiO personal researcher storage Yes, 9 Yes, 9 6 No
Sigma2 Yes Yes No No
NREC (previously UH-IaaS) Yes Yes No No

Administrative services

  Open 
(green)
Restricted
(yellow)
In confidence
(red)
Strictly in confidence
(black)
UiO ePhorte and Elements Yes Yes Yes No
UiO's payroll and personnel system Yes Yes Yes No

Content management systems (CMS)

  Open 
(green)
Restricted
(yellow)
In confidence
(red)
Strictly in confidence
(black)
Vortex Yes Yes 6 No
UiO Wiki Yes Yes No No

Other services

  Open 
(green)
Restricted
(yellow)
In confidence
(red)
Strictly in confidence
(black)
UiO Nettskjema Yes Yes 5 5
UiO Request Tracker (RT) Yes Yes 10 No
UiO Canvas Yes Yes No No
UiO Mattermost Yes Yes 13 No
UiO Zoom (uio.zoom.us) Yes Yes 12 No
GIT for UiO (github.uio.no) Yes Yes Yes No

Special Considerations for Research Data

Two types of data used in research require special attention. These are linkage keys, which in specific cases are used to connect anonymous data to individuals, and consent forms, which pertain to individuals' submitted information.

As a general rule, linkage keys and consent forms should always be stored separately from the data they belong to and are initially classified in the same category as the data. In TSD (Services for Sensitive Data), there are dedicated solutions for storing linkage keys and consent forms.

Notes

  1. Red data can be stored on a laptop with a fully encrypted disk, an encrypted memory stick or an encrypted external hard drive. The encrypytion must, at all times, meet the demands given in LSIS.
  2. Red data should not be sent openly via email. Red data can be sent by email if the content is encrypted with approved encryption before sending. See our guide on sensitivity labels and encryption in Microsoft 365. Otherwise, refer to LSIS for the applicable requirements. 
  3. Red data can not be exported, downloaded, synchronized or collected to the home disk, laptops without an encrypted disk or other storage which is not approved for red data.
  4. In general, it is not recommended to store data or documents on the local drive of your computer or workstation.
  5. UiO Nettskjema supports collecting information and transferring it directly to TSD, which is approved for storing black data. Red data collected in Nettskjema should be deleted within a reasonable time or moved to, for example, research storage, shared areas, or Elements/ePhorte. See note 6. Nettskjema's dictaphone and image app stores data encrypted and is considered suitable for use on private devices as well..
  6. Red data can be stored in Vortex, on shared areas, or at UiO's data storage hotel following a special assessment and implementation of appropriate and proportional security measures, including access control.
  7. Red data can be processed in Educloud Research, but it is presumed that assessments are conducted as described in the user terms. Note that only TSD (Services for Sensitive Data) is approved for storing and handling directly identifiable health information.
  8. This category has expired.
  9. Information meant for sharing with your colleagues should not be stored in your home directory.
  10. Red data may be kept and handled in Request Tracker (RT) if you make an individual assessment of the risks. Care must be taken to ensure that red data is not put in open queues. Routines must be in place to ensure that red data is deleted.
  11. As a rule, yellow data is not allowed on your private laptops or computers. However, some limited use is accepted if you comply with the guidelines for using private computers.
  12. Red data are allowed in Zoom as long as they are streamed and not recorded. Recordings of red data in Zoom are allowed if you make an individual risk assessment of the data and its content. The recordings must be stored in accordance with this guide.
  13. Red data may be discussed in UiO Mattermost if the team is configured for IT staff.
  14. Exception: Red data resulting from cleaning up personal email in connection with the migration of email to Exchange Online in 2024 can be stored on the UiO home directory (M:). This exception only applies to administrative red data.
  15. Red data can be processed in Microsoft 365 services if encrypted with a sensitivity label or other approved encryption. See our guide on sensitivity labels and encryption in Microsoft 365. Refer to LSIS for current encryption requirements (Norwegian only).
  16. Note that folders often synchronize files to cloud storage services. This includes, for example, Desktop and Documents on most UiO computers. Refer to the requirements for the relevant cloud storage services in the storage guide.
  17. It is permitted to process red administrative and management data, which includes information related to administration, organizational operations, case handling, and governance, in Microsoft 365 for UiO (including services such as Office, Teams, SharePoint, and OneDrive). It is not permitted to process red research data in Microsoft 365.

Approved by the IT director 28. august 2018. Last updated in March 2025.

Published Oct. 16, 2018 2:53 PM - Last modified Mar. 14, 2025 10:36 AM