Protect your Information
Information is an important asset, but not all information has the same value for the University. While all information should be kept secure, some data needs stronger protection than others when stored and sent.
Our Information Classification Policy and Implementation guide tells you about the classifications which we can apply to all information in the University:
- Strictly confidential
- Confidential
- Internal
- Public
Key messages
- Staff and students aren’t permitted to keep internal, confidential or strictly confidential information outside of Microsoft 365 or our network file store. This includes Dropbox and other third-party cloud solutions.
- If you use Microsoft 365, ensure your account isn’t being synced to a personal device. This may risk data getting into the wrong hands if your device is shared or you lose it.
- You can access Microsoft 365 files from anywhere, use it to collaborate and co-author documents.
Review
As our OneDrive file storage is to be capped, we thought it best to refresh our understanding of these different classifications and where this data should be stored.
The University of St Andrews sustainability commitment is to achieve net zero by 2035, and reducing the University’s digital carbon footprint has a role to play. It is therefore important we only keep the files we need in a secure and appropriate location.
Information is an important asset, but not all information has the same value for the University. While all information should be kept secure, some data needs stronger protection than others when stored and sent.
External drives
We strongly advise against using or purchasing external portable storage devices such as external hard drives, USB drives, DVDs, and CDs.
- Longevity – They are generally unsuitable for long-term storage. The lifespan of external storage devices cannot be guaranteed. They are prone to failure through wear and tear or accidental damage.
- Risk of loss, damage or theft – External storage devices are easily lost, misplaced, damaged or stolen due to their size and portability. This can lead to the irreversible loss of important data.
- Security concerns: These devices are not suitable for storing unencrypted sensitive data. Unauthorised access to such information can result in serious security breaches.
3rd Party cloud storage
- Third-party data processing contract must be in place before information is passed into a cloud service. Email [email protected]
Examples of classification
To help we created this info-graphic. It illustrates a few examples of each classification, the storage options, and the features of each.
More information is available on our file storage web page.
If you need advice or clarification on data destruction, contact [email protected].